Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9079 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68861 | 2 Plugin Optimizer, Wordpress | 2 Plugin Optimizer, Wordpress | 2026-01-20 | 7.1 High |
| Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7. | ||||
| CVE-2025-68860 | 2 Mobile Builder, Wordpress | 2 Mobile Builder, Wordpress | 2026-01-20 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through 1.4.2. | ||||
| CVE-2025-68850 | 2 Codepeople, Wordpress | 2 Sell Downloads, Wordpress | 2026-01-20 | 7.5 High |
| Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through 1.1.12. | ||||
| CVE-2025-68608 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9. | ||||
| CVE-2025-68607 | 2 Hiroaki Miyashita, Wordpress | 2 Custom Field Template, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5. | ||||
| CVE-2025-68606 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-68605 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.18. | ||||
| CVE-2025-68603 | 2 Marketing Fire, Wordpress | 2 Editorial Calendar, Wordpress | 2026-01-20 | 8.1 High |
| Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8. | ||||
| CVE-2025-68602 | 2 Scott Paterson, Wordpress | 2 Accept Donations With Paypal, Wordpress | 2026-01-20 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1. | ||||
| CVE-2025-68601 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.7. | ||||
| CVE-2025-68600 | 2 Wordpress, Ylefebvre | 2 Wordpress, Link Library | 2026-01-20 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.4. | ||||
| CVE-2025-68599 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4. | ||||
| CVE-2025-68598 | 2 Livecomposer, Wordpress | 2 Page Builder: Live Composer, Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.0.5. | ||||
| CVE-2025-68597 | 2 Blueglass, Wordpress | 2 Jobs For Wordpress, Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.7.17. | ||||
| CVE-2025-68596 | 2 Bitapps, Wordpress | 2 Bit Assist, Wordpress | 2026-01-20 | 8.8 High |
| Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11. | ||||
| CVE-2025-68595 | 2 Trustindex, Wordpress | 2 Widgets For Social Photo Feed, Wordpress | 2026-01-20 | 8.8 High |
| Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.7.7. | ||||
| CVE-2025-68594 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.1 High |
| Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.1. | ||||
| CVE-2025-68593 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||
| CVE-2025-68592 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||
| CVE-2025-68591 | 2 Mitchell Bennis, Wordpress | 2 Simple File List, Wordpress | 2026-01-20 | 8.1 High |
| Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.15. | ||||